Tuesday, April 27, 2010

on privacy

This is the first in a series of posts about my thoughts on end-user privacy on the internet.

Did you know that websites you visit sell your browsing history information to companies that aggregate this information from many users and sell it to advertisers? BlueKai is one such company. Go here to see what information it has about your browsing behaviour. eXelate Media is another example of such "behavioural data providers". Most online advertising networks do this, but keep the data within their network, for use by their own partners/advertisers, instead of making it commercially available.

The NAI makes all member companies (most companies involved in online advertising are members) provide an opt-out mechanism to users. For example, Google's opt-out page is here: http://www.google.com/privacy_ads.html. However, most users are not even aware of how much information is being tracked, much less how they can avoid being tracked.

Deleting cookies is often stated as a way to maintain privacy. However, there are these crumbs called Locally Shared Objects, provided by Flash, and supported by any Flash-enabled browser, that allow a website to store any data in your browser. They are very similar to cookies in that only the website that creates a particular LSO can access that LSO. However, they cannot be deleted from your browser. Adobe provides a Global Settings Manager on its website to manage the Flash component in your browser. Go there and see which websites have stored LSOs on your computer. Very often, LSOs are used to replicate cookie information, and deleted cookies can be restored from these LSOs. So even if you delete cookies, websites can identify you again. In fact, they can even tell if you deleted cookies.

Facebook's Instant Personalization is not the first to enable tracking of your browsing behaviour across websites and allowing websites to use that data. But they are doing it in the most transparent manner, sparking off the debate that is essential to figuring out the right+acceptable way to go about this, and taking all the flak for doing so.

The existence and protection of privacy has implications of systemic proportions on the ethos of the internet, and should not be taken lightly by only economic or political consideration. More on this in another post.

No comments: